Information Disclosure

2019-12-0605:56:35

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

22.7%

JSON

sylius/sylius is vulnerable to information disclosure. The vulnerability exists as the internal exception message gets exposed in the login action through the value of last_error.message in Security/_login.html.twig.

CPENameOperatorVersion
sylius/syliusle1.3.13
sylius/syliusle1.4.9
sylius/syliusle1.5.6
sylius/syliusle1.6.2

Name	Operator	Version
sylius/sylius	le	1.3.13
sylius/sylius	le	1.4.9
sylius/sylius	le	1.5.6
sylius/sylius	le	1.6.2

References

github.com/advisories/GHSA-3r8j-pmch-5j2h

github.com/reConNico/Sylius/pull/215

github.com/Sylius/Sylius/commit/19b2fe4a6cdb2186489221ea8b5e5628c8223286

github.com/Sylius/Sylius/commit/be245302dfc594d8690fe50dd47631d186aa945f

github.com/Sylius/Sylius/security/advisories/GHSA-3r8j-pmch-5j2h

0.001 Low

EPSS

Percentile

22.7%

JSON

Related for VERACODE:22123